search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert "TODO epan/dissectors/asn1/kerberos/packet-kerberos-template.c new GSS flags"
[wireshark-sm.git] / epan / dissectors / packet-dcom-typeinfo.c
blob0b5380c451583a425dc5f51e74074390165d50c1
1 /* packet-dcom-typeinfo.c
2 * Routines for DCOM ITypeInfo
3 * Copyright 2019, Alex Sirr <alexsirruw@gmail.com>
4 *
5 * Wireshark - Network traffic analyzer
6 * By Gerald Combs <gerald@wireshark.org>
7 * Copyright 1998 Gerald Combs
8 *
9 * SPDX-License-Identifier: GPL-2.0-or-later
10 */
11
12 /* see packet-dcom.c for details about DCOM */
13
14 #include "config.h"
15
16 #include <epan/packet.h>
17 #include <epan/tfs.h>
18 #include "packet-dcerpc.h"
19 #include "packet-dcom.h"
20
21 #include "packet-dcerpc-nt.h"
22
23 void proto_register_dcom_typeinfo(void);
24 void proto_reg_handoff_dcom_typeinfo(void);
25
26 static int ett_typeinfo_funcdesc;
27 static int hf_typeinfo_funcdesc;
28 static int hf_typeinfo_funcdesc_funcflags;
29 static int ett_typeinfo_funcdesc_funcflags;
30 static int hf_typeinfo_funcdesc_funcflags_frestricted;
31 static int hf_typeinfo_funcdesc_funcflags_fsource;
32 static int hf_typeinfo_funcdesc_funcflags_fbindable;
33 static int hf_typeinfo_funcdesc_funcflags_frequestedit;
34 static int hf_typeinfo_funcdesc_funcflags_fdisplaybind;
35 static int hf_typeinfo_funcdesc_funcflags_fdefaultbind;
36 static int hf_typeinfo_funcdesc_funcflags_fhidden;
37 static int hf_typeinfo_funcdesc_funcflags_fusesgetlasterror;
38 static int hf_typeinfo_funcdesc_funcflags_fdefaultcollelem;
39 static int hf_typeinfo_funcdesc_funcflags_fuidefault;
40 static int hf_typeinfo_funcdesc_funcflags_fnowbrowsable;
41 static int hf_typeinfo_funcdesc_funcflags_freplaceable;
42 static int hf_typeinfo_funcdesc_funcflags_fimmediatebind;
43
44 #define FUNCFLAG_FRESTRICTED 0x00000001
45 #define FUNCFLAG_FSOURCE 0x00000002
46 #define FUNCFLAG_FBINDABLE 0x00000004
47 #define FUNCFLAG_FREQUESTEDIT 0x00000008
48 #define FUNCFLAG_FDISPLAYBIND 0x00000010
49 #define FUNCFLAG_FDEFAULTBIND 0x00000020
50 #define FUNCFLAG_FHIDDEN 0x00000040
51 #define FUNCFLAG_FUSESGETLASTERROR 0x00000080
52 #define FUNCFLAG_FDEFAULTCOLLELEM 0x00000100
53 #define FUNCFLAG_FUIDEFAULT 0x00000200
54 #define FUNCFLAG_FNONBROWSABLE 0x00000400
55 #define FUNCFLAG_FREPLACEABLE 0x00000800
56 #define FUNCFLAG_FIMMEDIATEBIND 0x00001000
57
58 static int hf_typeinfo_funcdesc_funckind;
59 static int hf_typeinfo_funcdesc_invkind;
60 static int hf_typeinfo_funcdesc_callconv;
61 static int hf_typeinfo_funcdesc_params;
62 static int hf_typeinfo_funcdesc_paramsopt;
63 static int hf_typeinfo_funcdesc_memid;
64 static int hf_typeinfo_funcdesc_vft;
65 static int hf_typeinfo_funcdesc_resv16;
66 static int hf_typeinfo_funcdesc_resv32;
67 static int ett_typeinfo_elemdesc;
68 static int hf_typeinfo_funcdesc_elemdesc;
69
70 static int ett_typeinfo_typedesc;
71 static int hf_typeinfo_typedesc;
72
73 static int ett_typeinfo_paramdesc;
74 static int hf_typeinfo_paramdesc;
75 static int ett_typeinfo_paramdesc_paramflags;
76 static int hf_typeinfo_paramdesc_paramflags;
77 static int hf_typeinfo_paramdesc_paramflags_fin;
78 static int hf_typeinfo_paramdesc_paramflags_fout;
79 static int hf_typeinfo_paramdesc_paramflags_flcid;
80 static int hf_typeinfo_paramdesc_paramflags_fretval;
81 static int hf_typeinfo_paramdesc_paramflags_fopt;
82 static int hf_typeinfo_paramdesc_paramflags_fhasdefault;
83 static int hf_typeinfo_paramdesc_paramflags_fhascustdata;
84
85 #define PARAMFLAG_FIN 0x00000001
86 #define PARAMFLAG_FOUT 0x00000002
87 #define PARAMFLAG_FLCID 0x00000004
88 #define PARAMFLAG_FRETVAL 0x00000008
89 #define PARAMFLAG_FOPT 0x00000010
90 #define PARAMFLAG_FHASDEFAULT 0x00000020
91 #define PARAMFLAG_FHASCUSTDATA 0x00000040
92
93 static int ett_typeinfo_paramdescex;
94 static int hf_typeinfo_paramdescex;
95 static int hf_typeinfo_paramdescex_cbytes;
96 static int hf_typeinfo_paramdescex_varDefaultValue;
97
98 static int hf_typeinfo_typedesc_vtret;
99 static int hf_typeinfo_typedesc_hreftype;
100
101 static int hf_typeinfo_opnum;
102 static int hf_typeinfo_index;
103
104 static int hf_typeinfo_memid;
105 static int hf_typeinfo_reserved32;
106 static int hf_typeinfo_reserved16;
107
108 static int hf_typeinfo_names;
109 static int hf_typeinfo_names_value;
110 static int hf_typeinfo_maxnames;
111
112 static int hf_typeinfo_docname;
113 static int hf_typeinfo_docstring;
114 static int hf_typeinfo_helpctx;
115 static int hf_typeinfo_helpfile;
116
117 static int ett_typeinfo_docflags;
118 static int hf_typeinfo_docflags;
119 static int hf_typeinfo_docflags_name;
120 static int hf_typeinfo_docflags_docstring;
121 static int hf_typeinfo_docflags_helpctx;
122 static int hf_typeinfo_docflags_helpfile;
123
124 #define TYPEINFO_DOCFLAGS_NameArg 1
125 #define TYPEINFO_DOCFLAGS_DocStringArg 2
126 #define TYPEINFO_DOCFLAGS_HelpContextArg 4
127 #define TYPEINFO_DOCFLAGS_HelpFileArg 8
128
129 static int ett_typeinfo_typeflags;
130 static int hf_typeinfo_typeflags;
131 static int hf_typeinfo_typeflags_fappobject;
132 static int hf_typeinfo_typeflags_fcancreate;
133 static int hf_typeinfo_typeflags_flicensed;
134 static int hf_typeinfo_typeflags_fpredeclid;
135 static int hf_typeinfo_typeflags_fhidden;
136 static int hf_typeinfo_typeflags_fcontrol;
137 static int hf_typeinfo_typeflags_fdual;
138 static int hf_typeinfo_typeflags_fnonextensible;
139 static int hf_typeinfo_typeflags_foleautomation;
140 static int hf_typeinfo_typeflags_frestricted;
141 static int hf_typeinfo_typeflags_faggregatable;
142 static int hf_typeinfo_typeflags_freplaceable;
143 static int hf_typeinfo_typeflags_fdispatchable;
144 static int hf_typeinfo_typeflags_fproxy;
145
146 #define TYPEINFO_TYPEFLAG_FAPPOBJECT 0x00000001
147 #define TYPEINFO_TYPEFLAG_FCANCREATE 0x00000002
148 #define TYPEINFO_TYPEFLAG_FLICENSED 0x00000004
149 #define TYPEINFO_TYPEFLAG_FPREDECLID 0x00000008
150 #define TYPEINFO_TYPEFLAG_FHIDDEN 0x00000010
151 #define TYPEINFO_TYPEFLAG_FCONTROL 0x00000020
152 #define TYPEINFO_TYPEFLAG_FDUAL 0x00000040
153 #define TYPEINFO_TYPEFLAG_FNONEXTENSIBLE 0x00000080
154 #define TYPEINFO_TYPEFLAG_FOLEAUTOMATION 0x00000100
155 #define TYPEINFO_TYPEFLAG_FRESTRICTED 0x00000200
156 #define TYPEINFO_TYPEFLAG_FAGGREGATABLE 0x00000400
157 #define TYPEINFO_TYPEFLAG_FREPLACEABLE 0x00000800
158 #define TYPEINFO_TYPEFLAG_FDISPATCHABLE 0x00001000
159 #define TYPEINFO_TYPEFLAG_FPROXY 0x00004000
160
161 static int ett_typeinfo_typeattr;
162 static int hf_typeinfo_typeattr;
163 static int hf_typeinfo_guid;
164 static int hf_typeinfo_lcid;
165 static int hf_typeinfo_sizeInstance;
166 static int hf_typeinfo_typekind;
167 static int hf_typeinfo_cFuncs;
168 static int hf_typeinfo_cVars;
169 static int hf_typeinfo_cImplTypes;
170 static int hf_typeinfo_cbSizeVft;
171 static int hf_typeinfo_cbAlignment;
172 static int hf_typeinfo_wMajorVerNum;
173 static int hf_typeinfo_wMinorVerNum;
174
175 static int ett_typeinfo_names;
176
177 static e_guid_t uuid_typeinfo = {0x00020401, 0x0000, 0x0000, {0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46}};
178 static uint16_t ver_typeinfo;
179 static int ett_typeinfo;
180 static int proto_typeinfo;
181
182 static const value_string dcom_lcid_vals[] = {
183 {0x0000, "Language neutral"},
184 {0x0400, "LOCALE_USER_DEFAULT"},
185 {0x0409, "English (United States)"},
186 {0x0800, "LOCALE_SYSTEM_DEFAULT"},
187 {0, NULL}};
188
189 static const value_string typekind_vals[] = {
190 {0x0, "TKIND_ENUM"},
191 {0x01, "TKIND_RECORD"},
192 {0x02, "TKIND_MODULE"},
193 {0x03, "TKIND_INTERFACE"},
194 {0x04, "TKIND_DISPATCH"},
195 {0x05, "TKIND_COCLASS"},
196 {0x06, "TKIND_ALIAS"},
197 {0x07, "TKIND_UNION"},
198 {0, NULL}};
199
200
201
202 static int dissect_typeinfo_PARAMDESCEX(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex);
203 static int dissect_typeinfo_PARAMDESCEX_through_pointer(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep);
204 static int dissect_typeinfo_PARAMDESC(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex);
205 static int dissect_typeinfo_TYPEDESC_item(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep);
206 static int dissect_typeinfo_TYPEDESC(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex);
207 static int dissect_typeinfo_ELEMDESC(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex);
208 static int dissect_typeinfo_ELEMDESC_through_pointer(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep);
209 static int dissect_typeinfo_ELEMDESC_array(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep);
210 static int dissect_typeinfo_FUNCDESC(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex);
211 static int dissect_typeinfo_TYPEATTR(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex);
212 static int dissect_typeinfo_TYPEATTR_through_pointer(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep);
213 static int dissect_typeinfo_FUNCDESC_through_pointer(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep);
214 static int dissect_ITypeInfo_GetFuncDesc_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep);
215 static int dissect_ITypeInfo_GetFuncDesc_resp(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep);
216 static int dissect_ITypeInfo_GetNames_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep);
217 static int dissect_ITypeInfo_GetNames_resp(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep);
218 static int dissect_ITypeInfo_GetDocumentation_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep);
219 static int dissect_ITypeInfo_GetDocumentation_resp(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep);
220 static int dissect_ITypeInfo_GetTypeAttr_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep);
221 static int dissect_ITypeInfo_GetTypeAttr_resp(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep);
222
223 int dissect_typeinfo_PARAMDESCEX(tvbuff_t *tvb, int offset, packet_info *pinfo,
224 proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex)
225 {
226 uint32_t u32Pointer;
227
228 proto_item *sub_item;
229 proto_tree *sub_tree;
230 uint32_t u32SubStart;
231
232 /* alignment of 4 needed for a PARAMDESCEX */
233 ALIGN_TO_4_BYTES;
234
235 sub_item = proto_tree_add_item(tree, hfindex, tvb, offset, 0, ENC_NA);
236 sub_tree = proto_item_add_subtree(sub_item, ett_typeinfo_paramdescex);
237
238 u32SubStart = offset;
239
240 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
241 hf_typeinfo_paramdescex_cbytes, NULL);
242
243 offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, sub_tree, di, drep, &u32Pointer);
244
245 if (u32Pointer)
246 {
247 offset = dissect_dcom_VARIANT(tvb, offset, pinfo, sub_tree, di, drep,
248 hf_typeinfo_paramdescex_varDefaultValue);
249 }
250
251 proto_item_set_len(sub_item, offset - u32SubStart);
252 return offset;
253 }
254
255 int dissect_typeinfo_PARAMDESCEX_through_pointer(tvbuff_t *tvb, int offset, packet_info *pinfo,
256 proto_tree *tree, dcerpc_info *di, uint8_t *drep)
257 {
258 return dissect_typeinfo_PARAMDESCEX(tvb, offset, pinfo, tree, di, drep, hf_typeinfo_paramdescex);
259 }
260
261 int dissect_typeinfo_PARAMDESC(tvbuff_t *tvb, int offset, packet_info *pinfo,
262 proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex)
263 {
264 uint16_t u16wParamFlags;
265
266 proto_item *sub_item;
267 proto_tree *sub_tree;
268 uint32_t u32SubStart;
269
270 static int * const flags[] = {
271 &hf_typeinfo_paramdesc_paramflags_fin,
272 &hf_typeinfo_paramdesc_paramflags_fout,
273 &hf_typeinfo_paramdesc_paramflags_flcid,
274 &hf_typeinfo_paramdesc_paramflags_fretval,
275 &hf_typeinfo_paramdesc_paramflags_fopt,
276 &hf_typeinfo_paramdesc_paramflags_fhasdefault,
277 &hf_typeinfo_paramdesc_paramflags_fhascustdata,
278 NULL};
279
280 /* alignment of 4 needed for a PARAMDESC */
281 ALIGN_TO_4_BYTES;
282
283 sub_item = proto_tree_add_item(tree, hfindex, tvb, offset, 0, ENC_NA);
284 sub_tree = proto_item_add_subtree(sub_item, ett_typeinfo_paramdesc);
285
286 u32SubStart = offset;
287
288 // pparamdescex
289 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep, dissect_typeinfo_PARAMDESCEX_through_pointer,
290 NDR_POINTER_PTR, "Pointer to ParamDescEx", hf_typeinfo_paramdescex);
291
292 // wParamFlags
293 uint16_t u16TmpOffset;
294 u16TmpOffset = dissect_dcom_WORD(tvb, offset, pinfo, NULL, di, drep, -1, &u16wParamFlags);
295
296 proto_tree_add_bitmask_value(sub_tree, tvb, offset, hf_typeinfo_paramdesc_paramflags,
297 ett_typeinfo_paramdesc_paramflags, flags, u16wParamFlags);
298
299 offset = u16TmpOffset;
300
301 proto_item_set_len(sub_item, offset - u32SubStart);
302 return offset;
303 }
304
305 int dissect_typeinfo_TYPEDESC_item(tvbuff_t *tvb, int offset, packet_info *pinfo,
306 proto_tree *tree, dcerpc_info *di, uint8_t *drep)
307 {
308 return dissect_typeinfo_TYPEDESC(tvb, offset, pinfo, tree, di, drep, hf_typeinfo_typedesc);
309 }
310
311 int dissect_typeinfo_TYPEDESC(tvbuff_t *tvb, int offset, packet_info *pinfo,
312 proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex)
313 {
314 uint16_t u16vtrettag;
315
316 proto_item *sub_item;
317 proto_tree *sub_tree;
318 uint32_t u32SubStart;
319
320 /* alignment of 4 needed for a TYPEDESC */
321 ALIGN_TO_4_BYTES;
322
323 sub_item = proto_tree_add_item(tree, hfindex, tvb, offset, 0, ENC_NA);
324 sub_tree = proto_item_add_subtree(sub_item, ett_typeinfo_typedesc);
325
326 u32SubStart = offset;
327
328 // vt of ret (union tag)
329 offset = dissect_dcom_WORD(tvb, offset, pinfo, sub_tree, di, drep,
330 hf_typeinfo_typedesc_vtret, &u16vtrettag);
331
332 if (u16vtrettag == 26 || u16vtrettag == 27) // WIRESHARK_VT_PTR || WIRESHARK_VT_SAFEARRAY
333 {
334 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep, dissect_typeinfo_TYPEDESC_item,
335 NDR_POINTER_PTR, "TypeDesc", hf_typeinfo_typedesc);
336 }
337 else if (u16vtrettag == 28) //WIRESHARK_VT_CARRAY
338 {
339 // NOT IMPLEMENTED
340 }
341 else if (u16vtrettag == 29) //WIRESHARK_VT_USERDEFINED
342 {
343 // typedef DWORD HREFTYPE;
344 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
345 hf_typeinfo_typedesc_hreftype, NULL);
346 }
347
348 // vt of ret
349 offset = dissect_dcom_WORD(tvb, offset, pinfo, sub_tree, di, drep,
350 hf_typeinfo_typedesc_vtret, NULL);
351
352 proto_item_set_len(sub_item, offset - u32SubStart);
353 return offset;
354 }
355
356 int dissect_typeinfo_ELEMDESC(tvbuff_t *tvb, int offset, packet_info *pinfo,
357 proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex)
358 {
359 proto_item *sub_item;
360 proto_tree *sub_tree;
361 uint32_t u32SubStart;
362
363 /* alignment of 4 needed for a ELEMDESC */
364 ALIGN_TO_4_BYTES;
365
366 sub_item = proto_tree_add_item(tree, hfindex, tvb, offset, 0, ENC_NA);
367 sub_tree = proto_item_add_subtree(sub_item, ett_typeinfo_elemdesc);
368
369 u32SubStart = offset;
370
371 offset = dissect_typeinfo_TYPEDESC(tvb, offset, pinfo, sub_tree, di, drep, hf_typeinfo_typedesc);
372 offset = dissect_typeinfo_PARAMDESC(tvb, offset, pinfo, sub_tree, di, drep, hf_typeinfo_paramdesc);
373
374 proto_item_set_len(sub_item, offset - u32SubStart);
375
376 return offset;
377 }
378
379 int dissect_typeinfo_ELEMDESC_through_pointer(tvbuff_t *tvb, int offset,
380 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep)
381 {
382 return dissect_typeinfo_ELEMDESC(tvb, offset, pinfo, tree, di, drep, hf_typeinfo_funcdesc_elemdesc);
383 }
384
385 int dissect_typeinfo_ELEMDESC_array(tvbuff_t *tvb, int offset,
386 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep)
387 {
388 return dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep, dissect_typeinfo_ELEMDESC_through_pointer);
389 }
390
391 int dissect_typeinfo_FUNCDESC(tvbuff_t *tvb, int offset,
392 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex)
393 {
394 uint16_t u16Funcflags;
395
396 proto_item *sub_item;
397 proto_tree *sub_tree;
398
399 proto_item *func_elemdesc_sub_item;
400 proto_tree *func_elemdesc_tree;
401
402 uint32_t u32SubStart;
403
404 static int * const flags[] = {
405 &hf_typeinfo_funcdesc_funcflags_frestricted,
406 &hf_typeinfo_funcdesc_funcflags_fsource,
407 &hf_typeinfo_funcdesc_funcflags_fbindable,
408 &hf_typeinfo_funcdesc_funcflags_frequestedit,
409 &hf_typeinfo_funcdesc_funcflags_fdisplaybind,
410 &hf_typeinfo_funcdesc_funcflags_fdefaultbind,
411 &hf_typeinfo_funcdesc_funcflags_fhidden,
412 &hf_typeinfo_funcdesc_funcflags_fusesgetlasterror,
413 &hf_typeinfo_funcdesc_funcflags_fdefaultcollelem,
414 &hf_typeinfo_funcdesc_funcflags_fuidefault,
415 &hf_typeinfo_funcdesc_funcflags_fnowbrowsable,
416 &hf_typeinfo_funcdesc_funcflags_freplaceable,
417 &hf_typeinfo_funcdesc_funcflags_fimmediatebind,
418 NULL};
419
420 sub_item = proto_tree_add_item(tree, hfindex, tvb, offset, 0, ENC_NA);
421 sub_tree = proto_item_add_subtree(sub_item, ett_typeinfo_funcdesc);
422
423 u32SubStart = offset;
424
425 // memid
426 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
427 hf_typeinfo_funcdesc_memid, NULL);
428
429 // lReserved1
430 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
431 hf_typeinfo_funcdesc_resv32, NULL);
432 // lprgelemdescParam
433 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
434 dissect_typeinfo_ELEMDESC_array, NDR_POINTER_PTR, "Parameter ElemDesc", hf_typeinfo_funcdesc_elemdesc);
435
436 // funckind
437 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
438 hf_typeinfo_funcdesc_funckind, NULL);
439
440 // invkind
441 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
442 hf_typeinfo_funcdesc_invkind, NULL);
443
444 // callconv
445 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
446 hf_typeinfo_funcdesc_callconv, NULL);
447
448 // cParams
449 offset = dissect_dcom_WORD(tvb, offset, pinfo, sub_tree, di, drep,
450 hf_typeinfo_funcdesc_params, NULL);
451
452 // cParamsOpt
453 offset = dissect_dcom_WORD(tvb, offset, pinfo, sub_tree, di, drep,
454 hf_typeinfo_funcdesc_paramsopt, NULL);
455
456 // oVft
457 offset = dissect_dcom_WORD(tvb, offset, pinfo, sub_tree, di, drep,
458 hf_typeinfo_funcdesc_vft, NULL);
459
460 // cReserved2
461 offset = dissect_dcom_WORD(tvb, offset, pinfo, sub_tree, di, drep,
462 hf_typeinfo_funcdesc_resv16, NULL);
463
464 // create tree for function element description
465 func_elemdesc_sub_item = proto_tree_add_item(sub_tree, hfindex, tvb, offset, 0, ENC_NA);
466 func_elemdesc_tree = proto_tree_add_subtree(sub_tree, tvb, offset, 0,
467 ett_typeinfo_elemdesc, &func_elemdesc_sub_item, "Function ElemDesc");
468 // elemdescFunc
469 offset = dissect_typeinfo_ELEMDESC(tvb, offset, pinfo, func_elemdesc_tree, di, drep, hf_typeinfo_funcdesc_elemdesc);
470
471 // func flags
472 uint16_t u16TmpOffset;
473 u16TmpOffset = dissect_dcom_WORD(tvb, offset, pinfo, NULL, di, drep, -1, &u16Funcflags);
474
475 proto_tree_add_bitmask_value(sub_tree, tvb, offset, hf_typeinfo_funcdesc_funcflags,
476 ett_typeinfo_funcdesc_funcflags, flags, u16Funcflags);
477
478 offset = u16TmpOffset;
479
480 proto_item_set_len(sub_item, offset - u32SubStart);
481
482 return offset;
483 }
484
485 int dissect_typeinfo_FUNCDESC_through_pointer(tvbuff_t *tvb, int offset, packet_info *pinfo,
486 proto_tree *tree, dcerpc_info *di, uint8_t *drep)
487 {
488 return dissect_typeinfo_FUNCDESC(tvb, offset, pinfo, tree, di, drep, hf_typeinfo_funcdesc);
489 }
490
491 int dissect_typeinfo_TYPEATTR(tvbuff_t *tvb, int offset, packet_info *pinfo,
492 proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex)
493 {
494 uint16_t u16wTypeFlags;
495
496 proto_item *sub_item;
497 proto_tree *sub_tree;
498 uint32_t u32SubStart;
499
500 static int * const flags[] = {
501 &hf_typeinfo_typeflags_fappobject,
502 &hf_typeinfo_typeflags_fcancreate,
503 &hf_typeinfo_typeflags_flicensed,
504 &hf_typeinfo_typeflags_fpredeclid,
505 &hf_typeinfo_typeflags_fhidden,
506 &hf_typeinfo_typeflags_fcontrol,
507 &hf_typeinfo_typeflags_fdual,
508 &hf_typeinfo_typeflags_fnonextensible,
509 &hf_typeinfo_typeflags_foleautomation,
510 &hf_typeinfo_typeflags_frestricted,
511 &hf_typeinfo_typeflags_faggregatable,
512 &hf_typeinfo_typeflags_freplaceable,
513 &hf_typeinfo_typeflags_fdispatchable,
514 &hf_typeinfo_typeflags_fproxy,
515 NULL};
516
517 sub_item = proto_tree_add_item(tree, hfindex, tvb, offset, 0, ENC_NA);
518 sub_tree = proto_item_add_subtree(sub_item, ett_typeinfo_typeattr);
519
520 u32SubStart = offset;
521
522 // guid
523 offset = dissect_dcom_UUID(tvb, offset, pinfo, sub_tree, di, drep,
524 hf_typeinfo_guid, NULL);
525
526 // lcid
527 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
528 hf_typeinfo_lcid, NULL);
529
530 // dwReserved1
531 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
532 hf_typeinfo_reserved32, NULL);
533
534 // dwReserved2
535 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
536 hf_typeinfo_reserved32, NULL);
537
538 // dwReserved3
539 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
540 hf_typeinfo_reserved32, NULL);
541
542 // lpstrReserved4
543 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
544 hf_typeinfo_reserved32, NULL);
545
546 // cbSizeInstance
547 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
548 hf_typeinfo_sizeInstance, NULL);
549
550 // typekind
551 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
552 hf_typeinfo_typekind, NULL);
553
554 // cFuncs
555 offset = dissect_dcom_WORD(tvb, offset, pinfo, sub_tree, di, drep,
556 hf_typeinfo_cFuncs, NULL);
557
558 // cVars
559 offset = dissect_dcom_WORD(tvb, offset, pinfo, sub_tree, di, drep,
560 hf_typeinfo_cVars, NULL);
561
562 // cImplTypes
563 offset = dissect_dcom_WORD(tvb, offset, pinfo, sub_tree, di, drep,
564 hf_typeinfo_cImplTypes, NULL);
565
566 // cbSizeVft
567 offset = dissect_dcom_WORD(tvb, offset, pinfo, sub_tree, di, drep,
568 hf_typeinfo_cbSizeVft, NULL);
569
570 // cbAlignment
571 offset = dissect_dcom_WORD(tvb, offset, pinfo, sub_tree, di, drep,
572 hf_typeinfo_cbAlignment, NULL);
573
574 // wTypeFlags
575 uint16_t u16TmpOffset;
576 u16TmpOffset = dissect_dcom_WORD(tvb, offset, pinfo, NULL, di, drep, -1, &u16wTypeFlags);
577
578 proto_tree_add_bitmask_value(sub_tree, tvb, offset, hf_typeinfo_typeflags,
579 ett_typeinfo_typeflags, flags, u16wTypeFlags);
580
581 offset = u16TmpOffset;
582
583 // wMajorVerNum
584 offset = dissect_dcom_WORD(tvb, offset, pinfo, sub_tree, di, drep,
585 hf_typeinfo_wMajorVerNum, NULL);
586
587 // wMinorVerNum
588 offset = dissect_dcom_WORD(tvb, offset, pinfo, sub_tree, di, drep,
589 hf_typeinfo_wMinorVerNum, NULL);
590
591 offset = dissect_typeinfo_TYPEDESC(tvb, offset, pinfo, sub_tree, di, drep, hf_typeinfo_typedesc);
592
593 // dwReserved5
594 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
595 hf_typeinfo_reserved32, NULL);
596
597 // wReserved6
598 offset = dissect_dcom_WORD(tvb, offset, pinfo, sub_tree, di, drep,
599 hf_typeinfo_reserved16, NULL);
600
601 proto_item_set_len(sub_item, offset - u32SubStart);
602
603 return offset;
604 }
605
606 int dissect_typeinfo_TYPEATTR_through_pointer(tvbuff_t *tvb, int offset, packet_info *pinfo,
607 proto_tree *tree, dcerpc_info *di, uint8_t *drep)
608 {
609 offset = dissect_typeinfo_TYPEATTR(tvb, offset, pinfo, tree, di, drep, hf_typeinfo_typeattr);
610
611 return offset;
612 }
613
614 static int
615 dissect_bstr_through_pointer(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep)
616 {
617 char szName[1000] = {0};
618 offset = dissect_dcom_BSTR(tvb, offset, pinfo, tree, di, drep,
619 di->hf_index, szName, sizeof(szName));
620 return offset;
621 }
622
623 static int
624 dissect_dword_through_pointer(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep)
625 {
626 offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, di, drep,
627 di->hf_index, NULL);
628
629 return offset;
630 }
631
632 int dissect_ITypeInfo_GetFuncDesc_rqst(tvbuff_t *tvb, int offset,
633 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep)
634 {
635 offset = dissect_dcom_this(tvb, offset, pinfo, tree, di, drep);
636
637 offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, di, drep,
638 hf_typeinfo_index, NULL);
639
640 return offset;
641 }
642
643 int dissect_ITypeInfo_GetFuncDesc_resp(tvbuff_t *tvb, int offset,
644 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep)
645 {
646 offset = dissect_dcom_that(tvb, offset, pinfo, tree, di, drep);
647
648 // funcdesc
649 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, dissect_typeinfo_FUNCDESC_through_pointer, NDR_POINTER_UNIQUE, "Pointer to FuncDesc", hf_typeinfo_funcdesc);
650
651 // reserved
652 offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, di, drep,
653 hf_typeinfo_reserved32, NULL);
654
655 /* HRESULT of call */
656 offset = dissect_dcom_HRESULT(tvb, offset, pinfo, tree, di, drep,
657 NULL);
658
659 return offset;
660 }
661
662 int dissect_ITypeInfo_GetNames_rqst(tvbuff_t *tvb, int offset,
663 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep)
664 {
665 offset = dissect_dcom_this(tvb, offset, pinfo, tree, di, drep);
666
667 // memid
668 offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, di, drep,
669 hf_typeinfo_memid, NULL);
670
671 // cMaxNames
672 offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, di, drep,
673 hf_typeinfo_maxnames, NULL);
674
675 return offset;
676 }
677
678 int dissect_ITypeInfo_GetNames_resp(tvbuff_t *tvb, int offset,
679 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep)
680 {
681 uint32_t u32ArrayLength;
682 uint32_t u32Pointer;
683
684 uint32_t u32VarOffset;
685 uint32_t u32Tmp;
686
687 char szName[1000] = {0};
688
689 proto_item *sub_item;
690 proto_tree *sub_tree;
691 uint32_t u32SubStart;
692
693 offset = dissect_dcom_that(tvb, offset, pinfo, tree, di, drep);
694
695 sub_item = proto_tree_add_item(tree, hf_typeinfo_names, tvb, offset, 0, ENC_NA);
696 sub_tree = proto_item_add_subtree(sub_item, ett_typeinfo_names);
697
698 u32SubStart = offset;
699
700 offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, sub_tree, di, drep, NULL);
701 offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, sub_tree, di, drep, NULL);
702 offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, sub_tree, di, drep,
703 &u32ArrayLength);
704
705 u32VarOffset = offset + u32ArrayLength * 4;
706 u32Tmp = u32ArrayLength;
707 while (u32Tmp--)
708 {
709 offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, sub_tree, di, drep,
710 &u32Pointer);
711 if (u32Pointer)
712 {
713 u32VarOffset = dissect_dcom_BSTR(tvb, u32VarOffset, pinfo, sub_tree, di, drep,
714 hf_typeinfo_names_value, szName, sizeof(szName));
715 }
716 }
717 offset = u32VarOffset;
718
719 col_append_fstr(pinfo->cinfo, COL_INFO,
720 " %u Names", u32ArrayLength);
721
722 proto_item_set_len(sub_item, offset - u32SubStart);
723
724 // pcNames
725 offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, di, drep,
726 hf_typeinfo_maxnames, NULL);
727
728 /* HRESULT of call */
729 offset = dissect_dcom_HRESULT(tvb, offset, pinfo, tree, di, drep, NULL);
730
731 return offset;
732 }
733
734 int dissect_ITypeInfo_GetDocumentation_rqst(tvbuff_t *tvb, int offset,
735 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep)
736 {
737 uint32_t u32Flags;
738
739 uint32_t u32TmpOffset;
740
741 static int * const flags[] = {
742 &hf_typeinfo_docflags_name,
743 &hf_typeinfo_docflags_docstring,
744 &hf_typeinfo_docflags_helpctx,
745 &hf_typeinfo_docflags_helpfile,
746 NULL};
747
748 offset = dissect_dcom_this(tvb, offset, pinfo, tree, di, drep);
749
750 // memid
751 offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, di, drep,
752 hf_typeinfo_memid, NULL);
753
754 // refPtrFlags
755 u32TmpOffset = dissect_dcom_DWORD(tvb, offset, pinfo, NULL, di, drep, -1, &u32Flags);
756
757 proto_tree_add_bitmask_value(tree, tvb, offset, hf_typeinfo_docflags,
758 ett_typeinfo_docflags, flags, u32Flags);
759
760 offset = u32TmpOffset;
761
762 return offset;
763 }
764
765 int dissect_ITypeInfo_GetDocumentation_resp(tvbuff_t *tvb, int offset,
766 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep)
767 {
768 offset = dissect_dcom_that(tvb, offset, pinfo, tree, di, drep);
769
770 // pBstrDocName
771 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep, dissect_bstr_through_pointer, NDR_POINTER_UNIQUE, "Pointer to Doc Name", hf_typeinfo_docname);
772
773 // pBstrDocString
774 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep, dissect_bstr_through_pointer, NDR_POINTER_UNIQUE, "Pointer to Doc String", hf_typeinfo_docstring);
775
776 // pdwHelpContext
777 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep, dissect_dword_through_pointer, NDR_POINTER_UNIQUE, "Pointer to Help Context", hf_typeinfo_helpctx);
778
779 // pBstrHelpFile
780 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep, dissect_bstr_through_pointer, NDR_POINTER_UNIQUE, "Pointer to Help File", hf_typeinfo_helpfile);
781
782 /* HRESULT of call */
783 offset = dissect_dcom_HRESULT(tvb, offset, pinfo, tree, di, drep, NULL);
784 return offset;
785 }
786
787 int dissect_ITypeInfo_GetTypeAttr_rqst(tvbuff_t *tvb, int offset,
788 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep)
789 {
790 offset = dissect_dcom_this(tvb, offset, pinfo, tree, di, drep);
791 return offset;
792 }
793
794 int dissect_ITypeInfo_GetTypeAttr_resp(tvbuff_t *tvb, int offset,
795 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep)
796 {
797 offset = dissect_dcom_that(tvb, offset, pinfo, tree, di, drep);
798
799 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, dissect_typeinfo_TYPEATTR_through_pointer, NDR_POINTER_UNIQUE, "Pointer to TypeAttr", hf_typeinfo_typeattr);
800
801 // reserved
802 offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, di, drep,
803 hf_typeinfo_reserved32, NULL);
804
805 /* HRESULT of call */
806 offset = dissect_dcom_HRESULT(tvb, offset, pinfo, tree, di, drep, NULL);
807
808 return offset;
809 }
810
811 /* sub dissector table of ITypeInfo interface */
812 static const dcerpc_sub_dissector typeinfo_dissectors[] = {
813 {3, "GetTypeAttr", dissect_ITypeInfo_GetTypeAttr_rqst, dissect_ITypeInfo_GetTypeAttr_resp},
814 {4, "GetTypeComp", NULL, NULL},
815 {5, "GetFuncDesc", dissect_ITypeInfo_GetFuncDesc_rqst, dissect_ITypeInfo_GetFuncDesc_resp},
816 {6, "GetVarDesc", NULL, NULL},
817 {7, "GetNames", dissect_ITypeInfo_GetNames_rqst, dissect_ITypeInfo_GetNames_resp},
818 {8, "GetRefTypeOfImplType", NULL, NULL},
819 {9, "GetImplTypeFlags", NULL, NULL},
820 {12, "GetDocumentation", dissect_ITypeInfo_GetDocumentation_rqst, dissect_ITypeInfo_GetDocumentation_resp},
821 {13, "GetDllEntry", NULL, NULL},
822 {14, "GetRefTypeInfo", NULL, NULL},
823 {16, "CreateInstance", NULL, NULL},
824 {17, "GetMops", NULL, NULL},
825 {18, "GetContainingTypeLib", NULL, NULL},
826
827 {0, NULL, NULL, NULL},
828 };
829
830 void proto_register_dcom_typeinfo(void)
831 {
832 static hf_register_info hf_typeinfo_typedesc_array[] = {
833 {&hf_typeinfo_typedesc,
834 {"TypeDesc", "typeinfo.typedesc", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL}},
835 {&hf_typeinfo_typedesc_vtret,
836 {"VT Return Type", "typeinfo.typedesc.vtret", FT_UINT16, BASE_HEX, VALS(dcom_variant_type_vals), 0x0, NULL, HFILL}},
837 {&hf_typeinfo_typedesc_hreftype,
838 {"Ref Type", "typeinfo.typedesc.reftype", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL}},
839 };
840 static hf_register_info hf_typeinfo_paramdesc_array[] = {
841 {&hf_typeinfo_paramdesc,
842 {"ParamDesc", "typeinfo.paramdesc", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL}},
843 {&hf_typeinfo_paramdesc_paramflags,
844 {"Param Flags", "typeinfo.paramdesc.paramflags", FT_UINT16, BASE_HEX, NULL, 0x0, NULL, HFILL}},
845 {&hf_typeinfo_paramdesc_paramflags_fin,
846 {"FIN", "typeinfo.paramdesc.paramflags_fin", FT_BOOLEAN, 32, TFS(&tfs_set_notset), PARAMFLAG_FIN, NULL, HFILL}},
847 {&hf_typeinfo_paramdesc_paramflags_fout,
848 {"FOUT", "typeinfo.paramdesc.paramflags_fout", FT_BOOLEAN, 32, TFS(&tfs_set_notset), PARAMFLAG_FOUT, NULL, HFILL}},
849 {&hf_typeinfo_paramdesc_paramflags_flcid,
850 {"FLCID", "typeinfo.paramdesc.paramflags_flcid", FT_BOOLEAN, 32, TFS(&tfs_set_notset), PARAMFLAG_FLCID, NULL, HFILL}},
851 {&hf_typeinfo_paramdesc_paramflags_fretval,
852 {"FRETVAL", "typeinfo.paramdesc.paramflags_fretval", FT_BOOLEAN, 32, TFS(&tfs_set_notset), PARAMFLAG_FRETVAL, NULL, HFILL}},
853 {&hf_typeinfo_paramdesc_paramflags_fopt,
854 {"FOPT", "typeinfo.paramdesc.paramflags_fopt", FT_BOOLEAN, 32, TFS(&tfs_set_notset), PARAMFLAG_FOPT, NULL, HFILL}},
855 {&hf_typeinfo_paramdesc_paramflags_fhasdefault,
856 {"FHASDEFAULT", "typeinfo.paramdesc.paramflags_fhasdefault", FT_BOOLEAN, 32, TFS(&tfs_set_notset), PARAMFLAG_FHASDEFAULT, NULL, HFILL}},
857 {&hf_typeinfo_paramdesc_paramflags_fhascustdata,
858 {"FHASCUSTDATA", "typeinfo.paramdesc.paramflags_fhascustdata", FT_BOOLEAN, 32, TFS(&tfs_set_notset), PARAMFLAG_FHASCUSTDATA, NULL, HFILL}},
859 };
860
861 static hf_register_info hf_typeinfo_paramdescex_array[] = {
862 {&hf_typeinfo_paramdescex,
863 {"ParamDescEx", "typeinfo.paramdescex", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL}},
864 {&hf_typeinfo_paramdescex_cbytes,
865 {"Length", "typeinfo.paramdescex.len", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL}},
866 {&hf_typeinfo_paramdescex_varDefaultValue,
867 {"VT Default Value", "typeinfo.paramdescex.vtdefaultval", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL}},
868 };
869
870 static hf_register_info hf_typeinfo_funcdesc_array[] = {
871 {&hf_typeinfo_funcdesc,
872 {"FuncDesc", "typeinfo.funcdesc", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL}},
873 {&hf_typeinfo_funcdesc_memid,
874 {"MemberID", "typeinfo.funcdesc.memberid", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL}},
875 {&hf_typeinfo_funcdesc_funckind,
876 {"Function Kind", "typeinfo.funcdesc.funckind", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL}},
877 {&hf_typeinfo_funcdesc_invkind,
878 {"Invoke Kind", "typeinfo.funcdesc.invkind", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL}},
879 {&hf_typeinfo_funcdesc_callconv,
880 {"Call Conv", "typeinfo.funcdesc.callconv", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL}},
881 {&hf_typeinfo_funcdesc_params,
882 {"Param Count", "typeinfo.funcdesc.params", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL}},
883 {&hf_typeinfo_funcdesc_paramsopt,
884 {"Param Optional Count", "typeinfo.funcdesc.paramsopt", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL}},
885 {&hf_typeinfo_funcdesc_vft,
886 {"VFT Offset", "typeinfo.funcdesc.ovft", FT_UINT16, BASE_HEX, NULL, 0x0, NULL, HFILL}},
887 {&hf_typeinfo_funcdesc_resv16,
888 {"Reserved", "typeinfo.funcdesc.resv", FT_UINT16, BASE_HEX, NULL, 0x0, NULL, HFILL}},
889 {&hf_typeinfo_funcdesc_resv32,
890 {"Reserved", "typeinfo.funcdesc.resv", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL}},
891 {&hf_typeinfo_funcdesc_elemdesc,
892 {"ElemDesc", "typeinfo.funcdesc.elemdesc", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL}},
893
894 {&hf_typeinfo_funcdesc_funcflags,
895 {"FuncFlags", "typeinfo.funcdesc.funcflags", FT_UINT16, BASE_HEX, NULL, 0x0, NULL, HFILL}},
896 {&hf_typeinfo_funcdesc_funcflags_frestricted,
897 {"FRESTRICTED", "typeinfo.funcdesc.funcflags_frestricted", FT_BOOLEAN, 32, TFS(&tfs_set_notset), FUNCFLAG_FRESTRICTED, NULL, HFILL}},
898 {&hf_typeinfo_funcdesc_funcflags_fsource,
899 {"FSOURCE", "typeinfo.funcdesc.funcflags_fsource", FT_BOOLEAN, 32, TFS(&tfs_set_notset), FUNCFLAG_FSOURCE, NULL, HFILL}},
900 {&hf_typeinfo_funcdesc_funcflags_fbindable,
901 {"FBINDABLE", "typeinfo.funcdesc.funcflags_fbindable", FT_BOOLEAN, 32, TFS(&tfs_set_notset), FUNCFLAG_FBINDABLE, NULL, HFILL}},
902 {&hf_typeinfo_funcdesc_funcflags_frequestedit,
903 {"FREQUESTEDIT", "typeinfo.funcdesc.funcflags_frequestedit", FT_BOOLEAN, 32, TFS(&tfs_set_notset), FUNCFLAG_FREQUESTEDIT, NULL, HFILL}},
904 {&hf_typeinfo_funcdesc_funcflags_fdisplaybind,
905 {"FDISPLAYBIND", "typeinfo.funcdesc.funcflags_fdisplaybind", FT_BOOLEAN, 32, TFS(&tfs_set_notset), FUNCFLAG_FDISPLAYBIND, NULL, HFILL}},
906 {&hf_typeinfo_funcdesc_funcflags_fdefaultbind,
907 {"FDEFAULTBIND", "typeinfo.funcdesc.funcflags_fdefaultbind", FT_BOOLEAN, 32, TFS(&tfs_set_notset), FUNCFLAG_FDEFAULTBIND, NULL, HFILL}},
908 {&hf_typeinfo_funcdesc_funcflags_fhidden,
909 {"FHIDDEN", "typeinfo.funcdesc.funcflags_fhidden", FT_BOOLEAN, 32, TFS(&tfs_set_notset), FUNCFLAG_FHIDDEN, NULL, HFILL}},
910 {&hf_typeinfo_funcdesc_funcflags_fusesgetlasterror,
911 {"FUSESGETLASTERROR", "typeinfo.funcdesc.funcflags_fusesgetlasterror", FT_BOOLEAN, 32, TFS(&tfs_set_notset), FUNCFLAG_FUSESGETLASTERROR, NULL, HFILL}},
912 {&hf_typeinfo_funcdesc_funcflags_fdefaultcollelem,
913 {"FDEFAULTCOLLELEM", "typeinfo.funcdesc.funcflags_fdefaultcollelem", FT_BOOLEAN, 32, TFS(&tfs_set_notset), FUNCFLAG_FDEFAULTCOLLELEM, NULL, HFILL}},
914 {&hf_typeinfo_funcdesc_funcflags_fuidefault,
915 {"FUIDEFAULT", "typeinfo.funcdesc.funcflags_fuidefault", FT_BOOLEAN, 32, TFS(&tfs_set_notset), FUNCFLAG_FUIDEFAULT, NULL, HFILL}},
916 {&hf_typeinfo_funcdesc_funcflags_fnowbrowsable,
917 {"FNONBROWSABLE", "typeinfo.funcdesc.funcflags_fnowbrowsable", FT_BOOLEAN, 32, TFS(&tfs_set_notset), FUNCFLAG_FNONBROWSABLE, NULL, HFILL}},
918 {&hf_typeinfo_funcdesc_funcflags_freplaceable,
919 {"FREPLACEABLE", "typeinfo.funcdesc.funcflags_freplaceable", FT_BOOLEAN, 32, TFS(&tfs_set_notset), FUNCFLAG_FREPLACEABLE, NULL, HFILL}},
920 {&hf_typeinfo_funcdesc_funcflags_fimmediatebind,
921 {"FIMMEDIATEBIND", "typeinfo.funcdesc.funcflags_fimmediatebind", FT_BOOLEAN, 32, TFS(&tfs_set_notset), FUNCFLAG_FIMMEDIATEBIND, NULL, HFILL}},
922
923 };
924
925 static hf_register_info hf_typeinfo_array[] = {
926 {&hf_typeinfo_opnum,
927 {"Operation", "typeinfo.opnum", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL}},
928 {&hf_typeinfo_index,
929 {"Function Index", "typeinfo.funcindex", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL}},
930 {&hf_typeinfo_reserved32,
931 {"Reserved", "typeinfo.resv", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL}},
932 {&hf_typeinfo_reserved16,
933 {"Reserved", "typeinfo.resv", FT_UINT16, BASE_HEX, NULL, 0x0, NULL, HFILL}},
934
935 {&hf_typeinfo_memid,
936 {"MemberID", "typeinfo.memberid", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL}},
937
938 {&hf_typeinfo_names,
939 {"Names", "typeinfo.names", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL}},
940 {&hf_typeinfo_names_value,
941 {"Value", "typeinfo.names.value", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL}},
942 {&hf_typeinfo_maxnames,
943 {"Max Names", "typeinfo.maxnames", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL}},
944
945 {&hf_typeinfo_docflags,
946 {"Documentation Flags", "typeinfo.docflags", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL}},
947
948 {&hf_typeinfo_docflags_name,
949 {"NameArg", "typeinfo.docflags_namearg", FT_BOOLEAN, 32, TFS(&tfs_set_notset), TYPEINFO_DOCFLAGS_NameArg, NULL, HFILL}},
950 {&hf_typeinfo_docflags_docstring,
951 {"DocStringArg", "typeinfo.docflags_docstringarg", FT_BOOLEAN, 32, TFS(&tfs_set_notset), TYPEINFO_DOCFLAGS_DocStringArg, NULL, HFILL}},
952 {&hf_typeinfo_docflags_helpctx,
953 {"HelpContextArg", "typeinfo.docflags_helpctxarg", FT_BOOLEAN, 32, TFS(&tfs_set_notset), TYPEINFO_DOCFLAGS_HelpContextArg, NULL, HFILL}},
954 {&hf_typeinfo_docflags_helpfile,
955 {"HelpFileArg", "typeinfo.docflags_helpfilearg", FT_BOOLEAN, 32, TFS(&tfs_set_notset), TYPEINFO_DOCFLAGS_HelpFileArg, NULL, HFILL}},
956
957 {&hf_typeinfo_docname,
958 {"Doc Name", "typeinfo.docname", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL}},
959 {&hf_typeinfo_docstring,
960 {"Doc String", "typeinfo.docstring", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL}},
961 {&hf_typeinfo_helpfile,
962 {"Help File", "typeinfo.helpfile", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL}},
963 {&hf_typeinfo_helpctx,
964 {"Help Ctx", "typeinfo.helpctx", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL}},
965
966 {&hf_typeinfo_typeattr,
967 {"TypeAttr", "typeinfo.typeattr", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL}},
968 {&hf_typeinfo_guid,
969 {"GUID", "typeinfo.guid", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL}},
970 {&hf_typeinfo_lcid,
971 {"LCID", "typeinfo.lcid", FT_UINT32, BASE_HEX, VALS(dcom_lcid_vals), 0x0, NULL, HFILL}},
972 {&hf_typeinfo_sizeInstance,
973 {"Size Instance", "typeinfo.sizeinstance", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL}},
974 {&hf_typeinfo_typekind,
975 {"Type Kind", "typeinfo.typekind", FT_UINT32, BASE_HEX, VALS(typekind_vals), 0x0, NULL, HFILL}},
976 {&hf_typeinfo_cFuncs,
977 {"Func Count", "typeinfo.funcs", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL}},
978 {&hf_typeinfo_cVars,
979 {"Variables Count", "typeinfo.vars", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL}},
980 {&hf_typeinfo_cImplTypes,
981 {"Implemented Interface Count", "typeinfo.impltypes", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL}},
982 {&hf_typeinfo_cbSizeVft,
983 {"Virtual Table Size", "typeinfo.sizevft", FT_UINT16, BASE_HEX, NULL, 0x0, NULL, HFILL}},
984 {&hf_typeinfo_cbAlignment,
985 {"Byte Alignment", "typeinfo.balignment", FT_UINT16, BASE_HEX, NULL, 0x0, NULL, HFILL}},
986 {&hf_typeinfo_wMajorVerNum,
987 {"MajorVerNum", "typeinfo.majorvernum", FT_UINT16, BASE_HEX, NULL, 0x0, NULL, HFILL}},
988 {&hf_typeinfo_wMinorVerNum,
989 {"MinorVerNum", "typeinfo.minorvernum", FT_UINT16, BASE_HEX, NULL, 0x0, NULL, HFILL}},
990
991 {&hf_typeinfo_typeflags,
992 {"Type Flags", "typeinfo.typeflags", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL}},
993 {&hf_typeinfo_typeflags_fappobject,
994 {"FAPPOBJECT", "typeinfo.typeflags_fappobject", FT_BOOLEAN, 32, TFS(&tfs_set_notset), TYPEINFO_TYPEFLAG_FAPPOBJECT, NULL, HFILL}},
995 {&hf_typeinfo_typeflags_fcancreate,
996 {"FCANCREATE", "typeinfo.typeflags_fcancreate", FT_BOOLEAN, 32, TFS(&tfs_set_notset), TYPEINFO_TYPEFLAG_FCANCREATE, NULL, HFILL}},
997 {&hf_typeinfo_typeflags_flicensed,
998 {"FLICENSED", "typeinfo.typeflags_flicensed", FT_BOOLEAN, 32, TFS(&tfs_set_notset), TYPEINFO_TYPEFLAG_FLICENSED, NULL, HFILL}},
999 {&hf_typeinfo_typeflags_fpredeclid,
1000 {"FPREDECLID", "typeinfo.typeflags_fpredeclid", FT_BOOLEAN, 32, TFS(&tfs_set_notset), TYPEINFO_TYPEFLAG_FPREDECLID, NULL, HFILL}},
1001 {&hf_typeinfo_typeflags_fhidden,
1002 {"FHIDDEN", "typeinfo.typeflags_fhidden", FT_BOOLEAN, 32, TFS(&tfs_set_notset), TYPEINFO_TYPEFLAG_FHIDDEN, NULL, HFILL}},
1003 {&hf_typeinfo_typeflags_fcontrol,
1004 {"FCONTROL", "typeinfo.typeflags_fcontrol", FT_BOOLEAN, 32, TFS(&tfs_set_notset), TYPEINFO_TYPEFLAG_FCONTROL, NULL, HFILL}},
1005 {&hf_typeinfo_typeflags_fdual,
1006 {"FDUAL", "typeinfo.typeflags_fdual", FT_BOOLEAN, 32, TFS(&tfs_set_notset), TYPEINFO_TYPEFLAG_FDUAL, NULL, HFILL}},
1007 {&hf_typeinfo_typeflags_fnonextensible,
1008 {"FNONEXTENSIBLE", "typeinfo.typeflags_fnonextensible", FT_BOOLEAN, 32, TFS(&tfs_set_notset), TYPEINFO_TYPEFLAG_FNONEXTENSIBLE, NULL, HFILL}},
1009 {&hf_typeinfo_typeflags_foleautomation,
1010 {"FOLEAUTOMATION", "typeinfo.typeflags_foleautomation", FT_BOOLEAN, 32, TFS(&tfs_set_notset), TYPEINFO_TYPEFLAG_FOLEAUTOMATION, NULL, HFILL}},
1011 {&hf_typeinfo_typeflags_frestricted,
1012 {"FRESTRICTED", "typeinfo.typeflags_frestricted", FT_BOOLEAN, 32, TFS(&tfs_set_notset), TYPEINFO_TYPEFLAG_FRESTRICTED, NULL, HFILL}},
1013 {&hf_typeinfo_typeflags_faggregatable,
1014 {"FAGGREGATABLE", "typeinfo.typeflags_faggregatable", FT_BOOLEAN, 32, TFS(&tfs_set_notset), TYPEINFO_TYPEFLAG_FAGGREGATABLE, NULL, HFILL}},
1015 {&hf_typeinfo_typeflags_freplaceable,
1016 {"FREPLACEABLE", "typeinfo.typeflags_freplaceable", FT_BOOLEAN, 32, TFS(&tfs_set_notset), TYPEINFO_TYPEFLAG_FREPLACEABLE, NULL, HFILL}},
1017 {&hf_typeinfo_typeflags_fdispatchable,
1018 {"FDISPATCHABLE", "typeinfo.typeflags_fdispatchable", FT_BOOLEAN, 32, TFS(&tfs_set_notset), TYPEINFO_TYPEFLAG_FDISPATCHABLE, NULL, HFILL}},
1019 {&hf_typeinfo_typeflags_fproxy,
1020 {"FPROXY", "typeinfo.typeflags_fproxy", FT_BOOLEAN, 32, TFS(&tfs_set_notset), TYPEINFO_TYPEFLAG_FPROXY, NULL, HFILL}},
1021 };
1022
1023 static int *ett[] = {
1024 &ett_typeinfo,
1025 &ett_typeinfo_docflags,
1026 &ett_typeinfo_typeflags,
1027 &ett_typeinfo_names,
1028 &ett_typeinfo_typeattr,
1029 &ett_typeinfo_elemdesc,
1030 &ett_typeinfo_typedesc,
1031 &ett_typeinfo_paramdesc,
1032 &ett_typeinfo_paramdesc_paramflags,
1033 &ett_typeinfo_paramdescex,
1034 &ett_typeinfo_funcdesc,
1035 &ett_typeinfo_funcdesc_funcflags,
1036 };
1037
1038 /* ITypeInfo currently only partially implemented */
1039 proto_typeinfo = proto_register_protocol("DCOM ITypeInfo", "ITypeInfo", "typeinfo");
1040 proto_register_field_array(proto_typeinfo, hf_typeinfo_typedesc_array, array_length(hf_typeinfo_typedesc_array));
1041 proto_register_field_array(proto_typeinfo, hf_typeinfo_paramdesc_array, array_length(hf_typeinfo_paramdesc_array));
1042 proto_register_field_array(proto_typeinfo, hf_typeinfo_paramdescex_array, array_length(hf_typeinfo_paramdescex_array));
1043 proto_register_field_array(proto_typeinfo, hf_typeinfo_funcdesc_array, array_length(hf_typeinfo_funcdesc_array));
1044 proto_register_field_array(proto_typeinfo, hf_typeinfo_array, array_length(hf_typeinfo_array));
1045 proto_register_subtree_array(ett, array_length(ett));
1046 }
1047
1048 void proto_reg_handoff_dcom_typeinfo(void)
1049 {
1050 dcerpc_init_uuid(proto_typeinfo, ett_typeinfo,
1051 &uuid_typeinfo, ver_typeinfo,
1052 typeinfo_dissectors, hf_typeinfo_opnum);
1053 }
1054
1055 /*
1056 * Editor modelines - https://www.wireshark.org/tools/modelines.html
1057 *
1058 * Local variables:
1059 * c-basic-offset: 8
1060 * tab-width: 8
1061 * indent-tabs-mode: t
1062 * End:
1063 *
1064 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
1065 * :indentSize=8:tabSize=8:noTabs=false:
1066 */
Metzes wireshark repo